draft-ietf-dhc-dhcpv6-unknown-msg-03.txt   draft-ietf-dhc-dhcpv6-unknown-msg-04.txt 
DHC Working Group Y. Cui DHC Working Group Y. Cui
Internet-Draft Q. Sun Internet-Draft Q. Sun
Updates: RFC3315 (if approved) Tsinghua University Updates: 3315 (if approved) Tsinghua University
Intended status: Standards Track T. Lemon Intended status: Standards Track T. Lemon
Expires: May 16, 2014 Nominum, Inc. Expires: June 19, 2014 Nominum, Inc.
November 12, 2013 December 16, 2013
Handling Unknown DHCPv6 Messages Handling Unknown DHCPv6 Messages
draft-ietf-dhc-dhcpv6-unknown-msg-03 draft-ietf-dhc-dhcpv6-unknown-msg-04
Abstract Abstract
Dynamic Host Configuration Protocol version 6 (DHCPv6) isn't specific DHCPv6 is not specific about handling messages with unknown types.
about handling messages with unknown types. This memo describes the This memo describes the problems and defines how a DHCPv6 server,
problems and defines how a DHCPv6 function node should behave in this client or relay agent should behave when receiving unknown DHCPv6
case. This document updates RFC 3315. messages. This document updates RFC3315.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 16, 2014. This Internet-Draft will expire on June 19, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2
3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2
4. Relay Agent Behavior Update . . . . . . . . . . . . . . . . . 2 4. Relay Agent Behavior Update . . . . . . . . . . . . . . . . . 3
4.1. Definition of a Valid Message . . . . . . . . . . . . . . 3 4.1. A Valid Message for Constructing a New Relay-forward
4.2. Relaying a Message towards Server . . . . . . . . . . . . 3 Message . . . . . . . . . . . . . . . . . . . . . . . . . 3
4.3. Relaying a Message towards Client . . . . . . . . . . . . 4 4.2. Relaying a Message toward Server . . . . . . . . . . . . 4
4.3. Relaying a Message toward Client . . . . . . . . . . . . 4
5. Client and Server Behavior Update . . . . . . . . . . . . . . 4 5. Client and Server Behavior Update . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
8. Contributors List . . . . . . . . . . . . . . . . . . . . . . 5 8. Contributors List . . . . . . . . . . . . . . . . . . . . . . 5
9. Normative References . . . . . . . . . . . . . . . . . . . . 5 9. Normative References . . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction 1. Introduction
Dynamic Host Configuration Protocol version 6 (DHCPv6) [RFC3315] DHCPv6 [RFC3315] provides a framework for conveying IPv6
provides a framework for conveying IPv6 configuration information to configuration information to hosts on a TCP/IP network. But
hosts on a TCP/IP network. But [RFC3315] is not specific about how [RFC3315] is not specific about how to deal with messages with
to deal with messages with unrecognized types. This document unrecognized types. This document describes the problems and defines
describes the problems and defines the behavior of a DHCPv6 function the behavior of a DHCPv6 server, client or relay agent when handling
node when handling unknown DHCPv6 messages. unknown DHCPv6 messages.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Problem Statement 3. Problem Statement
When a relay agent receives a message, it decides to send the message
either toward the server or toward the client. However, RFC 3315
does not explicitly describe how the relay agent can determine
whether it should send a message toward the server or the client,
although this is implied by the message definitions in RFC3315.
The relay agent is bound to send a message either to the server or to Another issue is that RFC3315 does not specify what a relay agent
the client. But RFC3315 doesn't explicitly describe how the relay should do if it does not recognize a received message; the relay
agent can find out it should send a message towards the server or agent is not required to relay the message, nor advised to drop the
towards the client. message. If relaying an unknown message, the relay agent is given no
guidance about whether to send it toward the server or the client.
Another issue is that, it's not specific in RFC3315 about what a In addition, there is no specific requirement for dealing with
relay agent should do if it doesn't recognize the received messages. unknown messages by the client or server in RFC3315.
The relay agent isn't required to relay the messages, nor advised to
drop them.
In addition, there is no specific requirement of the client or server Note it is expected that most future DHCPv6 messages will not be used
on dealing with an unknown message in RFC3315. to communicate directly with relay agents (though they may need to be
relayed by relay agents).
4. Relay Agent Behavior Update 4. Relay Agent Behavior Update
A relay agent relays the message towards the server or the client Relay agents relay messages toward servers and clients according to
according to the message type. Relay-reply messages are sent toward the message type. The Relay-reply message is sent toward the client.
the client. The Relay-forward message and other types of message are The Relay-forward message and other types of messages are sent toward
sent toward the server. the server.
We say "toward the client" and "toward the server" because relay We say "toward the client" and "toward the server" because relay
agents may be chained together, so a relay message may be sent agents may be chained together, so a relay message may be sent
through multiple relays along the path to its destination. Relay- through multiple relay agents along the path to its destination.
reply messages specify a destination address; the relay agent Relay-reply messages specify a destination address; the relay agent
extracts the encapsulated message and sends it to the specified extracts the encapsulated message and sends it to the specified
destination address. Any message other than a Relay-reply does not destination address. Any message other than a Relay-reply does not
have such a specified destination, so it follows the default have such a specified destination, so it follows the default
forwarding path configured on the relay agent, which is always toward forwarding path configured on the relay agent, which is always toward
the server. the server.
The sole purpose of requiring relay agents to relay unknown messages The sole purpose of requiring relay agents to relay unknown messages
is to ensure that when legitimate new messages are defined in the is to ensure that when legitimate new messages are defined in the
protocol, relay agents, even if they were manufactured prior to the protocol, relay agents, even if they were manufactured prior to the
definition of these new messages, will, by default, succeed in definition of these new messages, will, by default, succeed in
relaying such messages. relaying such messages.
4.1. Definition of a Valid Message 4.1. A Valid Message for Constructing a New Relay-forward Message
Section 20.1 of [RFC3315] states that: Section 20.1 of [RFC3315] states that:
"When a relay agent receives a valid message to be relayed, it "When a relay agent receives a valid message to be relayed, it
constructs a new Relay-forward message." constructs a new Relay-forward message."
It doesn't define what a valid message is. In this document, we It does not define which types of messages are valid for constructing
specify the definition as follows. Relay-Forward messages. In this document, we specify the definition
as follows.
The message is valid for constructing a new Relay-forward message: The message is valid for constructing a new Relay-forward message:
(a) if the message is a Relay-forward message, or (a) if the message is a Relay-forward message, or
(b) if a relay agent receives the message but the relay agent does (b) if the relay agent receives the message for which it is not the
not identify itself as the target of the message, and the message target according to the message type.
is not a Relay-reply message.
In the case that a new type of relay message is sent to a relay agent In the case that a new type of message is sent by the server to a
but the relay agent doesn't recognize it, the message is put into a relay agent but the relay agent does not recognize it, the message is
Relay-forward message and sent to the server. Then the server knows put into a Relay-forward message and sent to the server.
the relay agent doesn't support the new message.
4.2. Relaying a Message towards Server 4.2. Relaying a Message toward Server
If the relay agent received a Relay-forward message, Section 20.1.2
of [RFC3315] defines the related behavior. If the relay agent
received messages other than Relay-forward and Relay-reply, it MUST
forward them as is described in Section 20.1.1 of [RFC3315].
4.3. Relaying a Message towards Client If the relay agent receives a Relay-forward message, Section 20.1.2
of [RFC3315] defines the required behavior. If the relay agent
receives messages other than Relay-forward and Relay-reply and the
relay agent does not recognize its message type, it MUST forward them
as is described in Section 20.1.1 of [RFC3315].
4.3. Relaying a Message toward Client
If the relay agent receives a Relay-reply message, it MUST process If the relay agent receives a Relay-reply message, it MUST process
the message as is defined in Section 20.2 of [RFC3315], regardless of the message as is defined in Section 20.2 of [RFC3315], regardless of
the type of the message encapsulated in the Relay Message Option. the type of the message encapsulated in the Relay Message Option.
5. Client and Server Behavior Update 5. Client and Server Behavior Update
There are chances that the client or server would receive DHCPv6 There are chances that the client or server would receive DHCPv6
messages with unknown types. In this case, the client or server MUST messages with unknown types. In this case, the client or server MUST
discard the unrecognized messages. silently discard the unrecognized messages.
6. Security Considerations 6. Security Considerations
As the relay agent will forward all unknown types of DHCPv6 messages, As the relay agent will forward all unknown types of DHCPv6 messages,
a malicious attacker can interfere with the relaying function by a malicious attacker can interfere with the relaying function by
constructing fake DHCPv6 messages with arbitrary type code. The same constructing fake DHCPv6 messages with arbitrary type code. The same
problem may happen in current DHCPv4 and DHCPv6 practice where the problem may happen in current DHCPv4 and DHCPv6 practice where the
attacker has to construct the fake DHCP message with an known type attacker constructs the fake DHCP message with a known type code.
code.
Clients and servers that implement this specification will discard Clients and servers that implement this specification will discard
unknown DHCPv6 messages. Since RFC3315 did not specify either relay, unknown DHCPv6 messages. Since RFC3315 did not specify either relay
client or server behavior in the presence of unknown messages, it is agent, client or server behavior in the presence of unknown messages,
possible that some servers or clients that have not been updated to it is possible that some servers or clients that have not been
conform to this specification might be made vulnerable to client updated to conform to this specification might be made vulnerable to
attacks through the relay agent. client attacks through the relay agent.
For this reason, we recommend that relay agents, clients and servers For this reason, we recommend that relay agents, clients and servers
be updated to follow this new specification. However, in most be updated to follow this new specification. However, in most
deployment scenarios, it will be much easier to attack clients deployment scenarios, it will be much easier to attack clients
directly than through a relay; furthermore, attacks using unknown directly than through a relay agent; furthermore, attacks using
message types are already possible on the local wire. unknown message types are already possible on the local wire.
So in most cases, if clients are not upgraded there should be minimal So in most cases, if clients are not upgraded there should be minimal
additional risk; at sites where only servers and relays can be additional risk; at sites where only servers and relay agents can be
upgraded, the incremental benefit of doing so most likely exceeds any upgraded, the incremental benefit of doing so most likely exceeds any
risk due to vulnerable clients. risk due to vulnerable clients.
Nothing in this update should be construed to mean that relay agents Nothing in this update should be construed to mean that relay agents
may not be administratively configurable to drop messages on the may not be administratively configurable to drop messages on the
basis of the message type, for security reasons (e.g., in a basis of the message type, for security reasons (e.g., in a
firewall). firewall).
7. IANA Considerations 7. IANA Considerations
This document does not include an IANA request. This document does not include an IANA request.
8. Contributors List 8. Contributors List
Many thanks to Bernie Volz, Cong Liu and Yuchi Chen for their Many thanks to Bernie Volz, Tomek Mrugalski, Sheng Jiang, Cong Liu
contributions to the document. and Yuchi Chen for their contributions to the document.
9. Normative References 9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
 End of changes. 26 change blocks. 
64 lines changed or deleted 82 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/